Oracle attack on Helio, enabled by a separate hack on Ankr, allows attackers to steal $15 million

Attackers were able to take advantage of an exploit on the Ankr protocol to obtain around 183,000 aBNBc tokens for only 10 BNB (~$2,900). Before the Ankr exploit, which crashed the price of aBNBc, this many aBNBc tokens would have had a notional value of around $55.5 million. An issue with the price oracle on the staking platform Helio allowed attackers to borrow 16,444,740 HAY, a stablecoin intended to be pegged to the US dollar. The attackers then swapped those HAY for around $15 million in the BUSD stablecoin. Meanwhile, the HAY stablecoin lost its peg, crashing as low as $0.20.

Ankr defi project exploited for over $5 million

The BNB Chain-based Ankr defi protocol suffered an exploit of their aBNBc token. "We are currently working with exchanges to immediately halt trading," they wrote. However, the attacker had already bridged and tumbled around $5 million in funds from the exploit before the announcement was even made.

The attacker, and possible subsequent copycat attackers, used a vulnerability in the project smart contract to mint quadrillions of aBNBc, which they then swapped to various other tokens.

Binance halted trading on aBNBc tokens, as well as on HAY tokens, a stablecoin project that was subsequently exploited. Ankr also tweeted that "We have been in touch with the [decentralized exchanges] and told them to block trading", although decentralized exchanges are typically not supposed to be able to "block trading".

Flare token rug pulls or is exploited for $17 million

Chart showing the price of $FLARE (denominated in USDT) over the previous five days. The price hovered between $18 and $20, until briefly spiking to around $25 before plummeting to $0.000001754.FLARE/USDT (attribution)
Exploits and rug pulls of random tokens on BNB Chain are fairly commonplace, but typically the amount of money lost is fairly minimal. In this case, exploiters or insiders were able to siphon 3.9 billion $FLARE from the Flare project, which they swapped for just under $17 million.

This serves as a good example of how theft amounts shouldn't be naively calculated based on the token price before the theft × the number of tokens stolen. $FLARE was priced at around $18.25 before the attack, and a naive calculation would place the theft amount at $71 billion. However, the lack of liquidity caused the token price to plummet to $0.0000018, and the attacker ultimately ended up with around $17 million.

Over $4 million drained from DeFiAI

"Our contract has been hacked and has caused a lot of losses," wrote DeFiAI simply in their announcement. That same day, the project had announced the launch of a new website for their project.

The total funds stolen appear to be around $4.17 million, according to analysis by SlowMist.

FTX claims it was hacked as more than $600 million is withdrawn

Telegram screenshot of a message by Rey: "Ftx has been hacked. All funds seem to be gone. FTX apps are malware. Delete them. Chat is open. Don't go on ftx site as it might download Trojans."Screenshot of a message from an FTX Telegram admin (attribution)
Over $600 million was mysteriously withdrawn from FTX and FTX US late on November 11, despite the company freezing withdrawals.

An FTX account administrator wrote on the FTX support Telegram, "FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Don't go on FTX site as it might download Trojans". The message was pinned by FTX General Counsel Ryne Miller.

Miller later wrote on Twitter, "Investigating abnormalities with wallet movements related to consolidation of ftx balances across exchanges - unclear facts as other movements not clear. Will share more info as soon as we have it."

A Telegram admin subsequently wrote, "Not all hope is lost. Engineers have managed to retrieve substantial amount of funds," but no details were provided beyond that. A later announcement by Miller claimed that FTX had "initiated precautionary steps to move all digital assets to cold storage", suggesting some of the transfers may have been a part of that effort.

Many speculated that the so-called hack had been coordinated by insiders.

Early crypto investor loses $42 million in wallet compromise

Bo Shen, a general partner at Fenbushi Capital and an early adopter of cryptocurrencies, tweeted on November 22 that two weeks prior, someone had stolen $42 million in cryptocurrencies from his personal wallet. "The stolen assets are personal funds and do not affect on Fenbushi related entities," he wrote.

Analysis by the crypto security firm SlowMist attributed the theft to a compromise of Shen's seed phrase. Shen had been using the Trust Wallet software, though the theft does not appear to be related to security issues with the wallet software.

DFX Finance suffers $5 million loss

An attacker was able to use a flash loan to exploit a vulnerability in the smart contract for DFX Finance, a decentralized forex trading platform. The platform suffered a loss amounting to around $5 million. The attacker subsequently laundered the funds through the Tornado Cash cryptocurrency tumbler. The attacker didn't make off with the entire amount lost from the platform, partly due to an MEV bot snagging a significant amount of the funds.

U.S. Attorney convicts individual in 2012 theft from the Silk Road, announces seizure of over 50,000 Bitcoin priced at more than $1 billion

The U.S. Attorney's Office for the Southern District of New York announced that they had convicted James Zhong with wire fraud pertaining to his 2012 theft of around 50,000 Bitcoin from the Silk Road online marketplace. Zhong pled guilty to one count of wire fraud.

The government has filed a motion in the case against Ross Ulbricht, the founder and operator of the Silk Road who is serving life in prison, seeking to retain the seized Bitcoin. At the time of seizure in November 2021, the Bitcoin were notionally worth $3.36 billion. On the date the charges were announced, they would be notionally worth $1.06 billion.

Pando exploited for $20 million

The defi protocol Pando suffered a $20 million loss when it was exploited with an oracle manipulation attack. The protocol suspended several of its projects in response to the hack, and wrote that they hoped to negotiate with the hacker to regain some of the stolen proceeds. Some of the stolen funds were able to be locked, although it's not clear if it was the total amount.

Monkey Drainer steals dozens more NFTs, nets around $867,000

The "Monkey Drainer" NFT phishing scammer first identified by blockchain detective zachxbt has struck again. They successfully emptied 7 CryptoPunks and 20 Otherside NFTs, which they flipped for 522 ETH (~$867,000). The scammer then laundered the funds through the Tornado Cash cryptocurrency mixer.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.